:''GNOME Keyring is a collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications.''

−

+

{{Note| 1=Gnome Keyring does not support ECDSA keys. See [https://bugzilla.gnome.org/show_bug.cgi?id=641082 Bug 641082].}}

−

The GNOME Keyring stores passwords in an encrypted file that can be accessed by applications.

+

== Installation ==

+

If you're using GNOME, gnome-keyring got installed automatically as a part of it. If you're using a different setup, install {{Pkg|gnome-keyring}} from the [[official repositories]].

== Manage using GUI ==

== Manage using GUI ==

−

pacman -S seahorse

+

# pacman -S seahorse

−

It is possible to leave the GNOME keyring password blank. In seahorse, on the Passwords tab, right click on "Passwords: login" and pick "Change password." Enter the old password and leave empty the new password. You will be warned about using unencrypted storage; continue by pushing "Use Unsafe Storage."

+

It is possible to leave the GNOME keyring password blank or change it. In seahorse, in the "View" dropdown, select "By Keyring". On the Passwords tab, right click on "Passwords: login" and pick "Change password." Enter the old password and leave empty the new password. You will be warned about using unencrypted storage; continue by pushing "Use Unsafe Storage."

If you experience problems retrieving information from the keyring, make sure that the variables "DBUS_SESSION_BUS_ADDRESS" and "DBUS_SESSION_BUS_PID" are exported in the target environment.

+

+

Instructions on how to use GNOME Keyring in Xfce are in the [[Xfce#SSH_Agents|SSH Agents section]] on that page.

== SSH Keys ==

== SSH Keys ==

Line 38:

Line 40:

Now when you connect to a server, the key will be found and a dialog will popup asking you for the passphrase. It has an option to automatically unlock the key when you login. If you check this you will not need to enter your passphrase again!

Now when you connect to a server, the key will be found and a dialog will popup asking you for the passphrase. It has an option to automatically unlock the key when you login. If you check this you will not need to enter your passphrase again!

−

== The gnome-keyring dialog does not appear in some terminals when connecting with SSH ==

GNOME's login manager ({{pkg|gdm}}) will automatically unlock the keyring once you log in; for others it is not so easy.

GNOME's login manager ({{pkg|gdm}}) will automatically unlock the keyring once you log in; for others it is not so easy.

−

For SLiM, see [[SLiM#SLiM_and_Gnome_Keyring]], This method works for KDM as well, but you need to edit {{ic|/etc/pam.d/kde}} instead of {{ic|/etc/pam.d/slim}}.

+

For SLiM, see [[SLiM#SLiM_and_Gnome_Keyring]]; For KDM see [[KDM#KDM_and_Gnome-keyring]]

If you are using automatic login, then you can disable the keyring manager by setting a blank password on the login keyring. '''Note''': your passwords will be stored unencrypted if you do this.

If you are using automatic login, then you can disable the keyring manager by setting a blank password on the login keyring. '''Note''': your passwords will be stored unencrypted if you do this.

+

+

If you use console based login, automatic unlocking of the keyring can be achieved by the following changes in {{ic|/etc/pam.d/login}}:

+

Add {{ic|auth optional pam_gnome_keyring.so}} at the end of the {{ic|auth}} section and {{ic|session optional pam_gnome_keyring.so auto_start}} at the end of the {{ic|session}} section. The result should look similar to this:

+

#%PAM-1.0

+

+

auth required pam_securetty.so

+

auth requisite pam_nologin.so

+

auth include system-local-login

+

auth optional pam_gnome_keyring.so

+

account include system-local-login

+

session include system-local-login

+

session optional pam_gnome_keyring.so auto_start

+

+

Next, add {{ic|password optional pam_gnome_keyring.so}} to the end of {{ic|/etc/pam.d/passwd}}. The file should look somewhat like this:

Installation

If you're using GNOME, gnome-keyring got installed automatically as a part of it. If you're using a different setup, install gnome-keyring from the official repositories.

Manage using GUI

# pacman -S seahorse

It is possible to leave the GNOME keyring password blank or change it. In seahorse, in the "View" dropdown, select "By Keyring". On the Passwords tab, right click on "Passwords: login" and pick "Change password." Enter the old password and leave empty the new password. You will be warned about using unencrypted storage; continue by pushing "Use Unsafe Storage."

Use Without GNOME

It is possible to use GNOME Keyring without the rest of the GNOME desktop. To do this, add the following to your ~/.xinitrc file:

If you experience problems retrieving information from the keyring, make sure that the variables "DBUS_SESSION_BUS_ADDRESS" and "DBUS_SESSION_BUS_PID" are exported in the target environment.

Instructions on how to use GNOME Keyring in Xfce are in the SSH Agents section on that page.

SSH Keys

To add your SSH key:

$ ssh-add ~/.ssh/id_dsa
Enter passphrase for /home/mith/.ssh/id_dsa:

To list automatically loaded keys:

$ ssh-add -L

To disable all keys;

$ ssh-add -D

Now when you connect to a server, the key will be found and a dialog will popup asking you for the passphrase. It has an option to automatically unlock the key when you login. If you check this you will not need to enter your passphrase again!

Unlock at Startup

If you are using automatic login, then you can disable the keyring manager by setting a blank password on the login keyring. Note: your passwords will be stored unencrypted if you do this.

If you use console based login, automatic unlocking of the keyring can be achieved by the following changes in /etc/pam.d/login:
Add auth optional pam_gnome_keyring.so at the end of the auth section and session optional pam_gnome_keyring.so auto_start at the end of the session section. The result should look similar to this: